Page 2 of 3
Re: Monitoring event id in Nagios ystem.
Posted: Wed Nov 06, 2013 1:50 pm
by imran_khan
Hello,
I have ran the below command and getting critical alert.
./check_nrpe -H IP_Address -p 5666 -c CheckEventLog -a filter=new file=all MinWarn=1 MinCrit=2 filter-generated=\<30 filter+eventID=="4111" filter+eventType==all filter=all
eventlog: 0 < critical|'eventlog'=0;1;2;
Event id 4111 is not present in 30 minute. Please guide me.
Thanks,
Imran Khan.
Re: Monitoring event id in Nagios ystem.
Posted: Wed Nov 06, 2013 2:48 pm
by slansing
Does using eventID 1111 return the same? Is this a valid ID?
Re: Monitoring event id in Nagios ystem.
Posted: Wed Nov 06, 2013 2:56 pm
by imran_khan
Hello,
I am using id:- 4111and it is valid.
Thanks,
Imran Khan.
Re: Monitoring event id in Nagios ystem.
Posted: Wed Nov 06, 2013 2:59 pm
by abrist
what is the full output of the command:
Code: Select all
./check_nrpe -H IP_Address -p 5666 -c CheckEventLog -a filter=new file=all MinWarn=1 MinCrit=2 filter-generated=\<30 filter+eventID=="4111" filter+eventType==all filter=all
eventlog: 0 < critical|'eventlog'=0;1;2;
Re: Monitoring event id in Nagios ystem.
Posted: Wed Nov 06, 2013 3:10 pm
by imran_khan
Hello,
Out put of command is as below only.
eventlog: 0 < critical|'eventlog'=0;1;2;
Thanks,
Imran Khan.
Re: Monitoring event id in Nagios ystem.
Posted: Wed Nov 06, 2013 3:25 pm
by abrist
Try changing min to max:
Code: Select all
./check_nrpe -H IP_Address -p 5666 -c CheckEventLog -a filter=new file=all MaxWarn=1 MaxCrit=2 filter-generated=\<30 filter+eventID=="4111" filter+eventType==all filter=all
Re: Monitoring event id in Nagios ystem.
Posted: Wed Nov 06, 2013 3:39 pm
by imran_khan
Hello,
Tried but getting same output.
./check_nrpe -H IP_Address -p 5666 -c CheckEventLog -a filter=new file=all MaxWarn=1 MaxCrit=2 filter-generated=\>15d filter+eventID=="4111" filter+eventType==all filter=all
Eventlog check ok|'eventlog'=0;1;2;
./check_nrpe -H IP_Address -p 5666 -c CheckEventLog -a filter=new file=all MaxWarn=1 MaxCrit=2 filter-generated=\>60d filter+eventID=="4111" filter+eventType==all filter=all
Eventlog check ok|'eventlog'=0;1;2;
./check_nrpe -H IP_Address -p 5666 -c CheckEventLog -a filter=new file=all MaxWarn=1 MaxCrit=2 filter-generated=\>30m filter+eventID=="4111" filter+eventType==all filter=all
Eventlog check ok|'eventlog'=0;1;2;
Thanks,
Imran Khan.
Re: Monitoring event id in Nagios ystem.
Posted: Wed Nov 06, 2013 3:50 pm
by abrist
imran_khan wrote:Tried but getting same output.
In what way? I though you said it was not present in the past 30 minutes. That would make the check
'ok' now instead of critical. Is that not the output you posted?
imran_khan wrote:Eventlog check ok|'eventlog'=0;1;2;
Re: Monitoring event id in Nagios ystem.
Posted: Wed Nov 06, 2013 4:13 pm
by imran_khan
Hello,
But this id is present in last one week, 1-month and 2-month, it should display critical alert if event id is present. correct?
I have mentioned my last post >15d, >60d and >30m but it display result OK for all the commands.
Thanks,
Imran Khan.
Re: Monitoring event id in Nagios ystem.
Posted: Thu Nov 07, 2013 11:49 am
by abrist
Well, color me confused.
imran_khan wrote:
Event id 4111 is not present in 30 minute. Please guide me.
imran_khan wrote:But this id is present in last one week, 1-month and 2-month, it should display critical alert if event id is present. correct?
I have mentioned my last post >15d, >60d and >30m but it display result OK for all the commands.
Which is it?
Can you please explain when you want this check to alert and what thresholds you want to set.